search menu icon-carat-right cmu-wordmark

Archive: August 2018

Challenges Facing Insider Threat Programs and Hub Analysts: Part 1 of 2

Challenges Facing Insider Threat Programs and Hub Analysts: Part 1 of 2

• Insider Threat Blog
Jason W. Clark

The purpose of this two-part blog series is to discuss five challenges that often plague insider threat programs and more specifically the analysts that are working in insider threat hubs. I am in a unique position to discuss this area because I have many years of experience working directly with operational insider threat programs of varying maturity levels. Thus I have a front-row vantage point to understand the challenges that analysts face on a daily...

Read More
Improving Cybersecurity Governance via CSF Activity Clusters

Improving Cybersecurity Governance via CSF Activity Clusters

• Insider Threat Blog
Dan Kambic

The National Institute for Science and Technology (NIST) recently released version 1.1 of its Cybersecurity Framework (CSF). Organizations around the world--including the federal civilian government, by mandate--use the CSF to guide key cybersecurity activities. However, the framework's 108 subcategories can feel daunting. This blog post describes the Software Engineering Institute's recent efforts to group the 108 subcategories into 15 clusters of related activities, making the CSF more approachable for typical organizations. The post also gives...

Read More
Foundational Research Behind Text Analytics for Insider Threat: Part 2 of 3

Foundational Research Behind Text Analytics for Insider Threat: Part 2 of 3

• Insider Threat Blog
Carrie Gardner

In this blog series, I review topics related to deploying a text analytics capability for insider threat mitigation. In this segment, I continue the conversation by disambiguating terminology related to text analysis, summarizing methodological approaches for developing text analytics tools, and justifying how this capability can supplement an existing capability to monitor insider threat risk. In my next post, Acquiring or Deploying a Text Analytics Solution, I will discuss how organizations can think through the...

Read More